IT Security Newsletter

IT Security Newsletter - 10/20/2022

Written by Cadre | Thu, Oct 20, 2022

Microsoft "BlueBleed" data breach: customer details and email content exposed

Microsoft has admitted that it accidentally exposed sensitive customer data after failing to configure a server securely. Cybersecurity firm SOCRadar informed Microsoft about the embarrassing leak in September, which researchers claimed involved files dated from 2017 to August 2022. In addition, Microsoft warned that the exposed data may include "attached files relating to business between a customer and Microsoft or an authorized Microsoft partner." READ MORE...

Australian Health Insurer Medibank Admits Customer Data Stolen in Ransomware Attack

Australian health insurer Medibank has started informing customers that their personal information was potentially compromised during a recent cyberattack. The incident was initially identified on October 12 and was deemed as being "consistent with the precursors to a ransomware event", resulting in certain systems being taken offline for containment purposes. Medibank said its systems were not encrypted by ransomware during the incident. READ MORE...

Cost of a health insurance security breach? NY watchdogs say it's $4.5m

New York regulators continue turning the screws on organizations with slapdash computer security. This week, $4.5 million was extracted from vision insurance company EyeMed, which was accused of recklessly leaving hundreds of thousands of people's sensitive health information within reach of intruders. In addition to coughing up the cash to settle claims it violated New York State's Department of Financial Services' cyber security rules, EyeMed also agreed to improve its network defenses. READ MORE...

Hacking group updates Furball Android spyware to evade detection

A new version of the 'FurBall' Android spyware has been found targeting Iranian citizens in mobile surveillance campaigns conducted by the Domestic Kitten hacking group, also known as APT-C-50. The spyware is deployed in a mass-surveillance operation that has been underway since at least 2016. In addition, multiple cybersecurity firms have reported on Domestic Kitten, which they believe is an Iranian state-sponsored hacking group. READ MORE...

DeadBolt ransomware gang tricked into giving victims free decryption keys

Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police. The basis for the trick iss that it was possible to cancel an unconfirmed Bitcoin transaction before payment went through through, but after the decryption key was released. READ MORE...

Internet connectivity worldwide impacted by severed EU subsea cables

A major internet subsea fiber cable in the South of France was severed yesterday at 20:30 UTC, causing connectivity problems in Europe, Asia, and the United States, including data packet losses and increased website response latency. Cloud security company Zscaler reports that they made routing adjustments to mitigate the impact. However, users still face problems due to app and content providers routing traffic through the impacted paths. READ MORE...

CISA warns of security holes in industrial Advantech, Hitachi kit

This week, the US government's Cybersecurity and Infrastructure Security Agency (CISA) expanded its ever-growing list of vulnerability in industrial control systems (ICS) and critical infrastructure technology. The latest warnings flag up severe flaws in products from Advantech and Hitachi Energy, which serve both consumer and commercial markets. The twin advisories include alerts about security holes in Advantech's R-SeeNet that can be exploited by remote attackers. READ MORE...

Women in Cryptology - USPS celebrates WW2 codebreakers

The US Postal Service just issued a commemorative stamp to remember the service of some 11,000 women cryptologists during World War 2. Like their Bletchley Park counterparts in the UK, these wartime heros didn't finish the war with any sort of hero's welcome back into civilian life. Indeed, they got no public recognition at all for the amazing physical and intellectual effort they put into decrypting and decoding enemy intelligence. READ MORE...

  • ...in 1818, The United States and Britain establish the 49th Parallel as the boundary between Canada and the United States.
  • ...in 1870, The Summer Palace in Beijing, China, is burnt to the ground by a Franco-British expeditionary force.
  • ...in 1944, U.S. troops land on Leyte in the Philippines, keeping General MacArthur's pledge "I shall return."
  • ...in 1968, Jacqueline Kennedy marries Aristotle Onassis.